<?php
// 用户找回密码
header("content-type:text/html;charset=utf-8");
include_once("conn.php");

$uid = $_POST['uid'];
$upwd = $_POST['upwd'];
$uphone = $_POST['uphone'];

$sql = "SELECT * FROM tb_user_info WHERE uid='".$uid."'";
$result = mysqli_query($conn, $sql);
if($result){
    if(mysqli_num_rows($result) > 0){
        $info = mysqli_fetch_array($result);
        if($info['ustatus'] == "禁用"){
            echo "<script>alert('该用户已被禁用！暂不可操作！');history.go(-1);</script>";
        }else{
            if($info['uphone'] == $uphone){
                $sql = "UPDATE tb_user_info SET upwd='".$upwd."' WHERE uid='".$uid."'";
                $result = mysqli_query($conn, $sql);
                if($result){
                    echo "<script>alert('密码修改成功！');window.location.href='../login_reg.html';</script>";
                }else{
                    echo "<script>alert('密码修改失败！请重试！');history.go(-1);</script>";
                }
            }else{
                echo "<script>alert('手机号不匹配！');history.go(-1);</script>";
            }
        }
    }else{
        echo "<script>alert('用户不存在！');history.go(-1);</script>";
    }
}else{
    echo "<script>alert('查询信息失败！请重试！');history.go(-1);</script>";
}